[CERT-daily] Tageszusammenfassung - Montag 10-08-2015

Mon Aug 10 18:04:27 CEST 2015

=======================
= End-of-Shift report =
=======================

Timeframe:   Freitag 07-08-2015 18:00 − Montag 10-08-2015 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a


*** Tech Firm Ubiquiti Suffers $46M Cyberheist ***
---------------------------------------------
Networking firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole $46.7 million using an increasingly common scam in which crooks spoof communications from executives at the victim firm in a bid to initiate unauthorized international wire transfers.
---------------------------------------------
http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/


*** Welcome to The Internet of Compromised Things ***
---------------------------------------------
This post is a bit of a public service announcement, so Ill get right to the point: Every time you use WiFi, ask yourself: could I be connecting to the Internet through a compromised router with malware?Its becoming more and ..
---------------------------------------------
http://blog.codinghorror.com/welcome-to-the-internet-of-compromised-things/


*** Black Hat: Schadsoftware per Windows-Update mit WSUS ***
---------------------------------------------
Zwei Sicherheitsforscher demonstrierten auf der Black-Hat-Konferenz, wie sich die Windows Server Update Services (WSUS) zum Verteilen von gefälschten Windows-Updates in einem Unternehmensnetz benutzen lassen. Es gibt jedoch ein schlichtes Gegenmittel.
---------------------------------------------
http://heise.de/-2775156


*** Black Hat: SMM weiterhin grosses Einfallstor ***
---------------------------------------------
Ein Computerwissenschaftler zeigt ein Scheunentor, das schon zwanzig Jahre offen steht.
---------------------------------------------
http://heise.de/-2775248


*** RIG Reloaded - Examining the Architecture of RIG Exploit Kit 3.0 ***
---------------------------------------------
A few months ago the RIG exploit kit took quite a hit when its source code was leaked by a disgruntled reseller. At the time we wrote a blog post detailing the inner workings of RIGs infrastructure and business model,...
---------------------------------------------
http://trustwave.com/Resources/SpiderLabs-Blog/RIG-Reloaded---Examining-the-Architecture-of-RIG-Exploit-Kit-3-0/


*** Stagefright: Online-Ganoven tarnen Android-Trojaner als Sicherheitsupdate ***
---------------------------------------------
Während die meisten Hersteller keine oder wenige Firmware-Updates anbieten, die vor den gefährlichen Stagefright-Lücken schützen, können Online-Abzocker vermeintlich schon liefern. Es handelt sich dabei allerdings um einen Trojaner. 
---------------------------------------------
http://heise.de/-2775388


*** WP Statistics <= 9.5.1 - Referer Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8145


*** Stagefright: Motorola verspricht umfassende Updates ***
---------------------------------------------
Auch wenn es bisher noch keine Hinweise auf entsprechende Angriffe gibt – die vor zwei Wochen bekannt gewordenen Sicherheitslücken im Media Framework Stagefright haben ordentlich Bewegung in die Android-Welt gebracht. Nach Google, LG und Samsung meldet sich mit Motorola nun der nächste Hersteller zu Wort – und verspricht umfassende Updates.
---------------------------------------------
http://derstandard.at/2000020502273


*** Data, Technologies and Security - Part 1 ***
---------------------------------------------
A lot of technologies present themselves as solutions for multiple challenges. At BinaryEdge, we are big adepts of analyzing all the different technologies until we see what correctly adapts and fits our environment. From a security ..
---------------------------------------------
http://blog.binaryedge.io/2015/08/10/data-technologies-and-security-part-1/


*** What's Next in Malware After Kuluoz? ***
---------------------------------------------
Regular readers of this blog have heard all about the infamous Kuluoz malware. This family was the latest evolution of the Asprox malware and at its peak in 2014 it accounted for 80% of ..
---------------------------------------------
http://researchcenter.paloaltonetworks.com/2015/08/whats-next-in-malware-after-kuluoz/


*** Getting in with the Proxmark 3 and ProxBrute ***
---------------------------------------------
As a member of the Physical Security team here at SpiderLabs, some of my job responsibilities include getting into a facility by any (non-destructive) means necessary. When a client has decided once and for all that theyve trained their guards and fortified the gates, its time to test those defenses to measure just how resilient they actually are to an attack. And thats where we come in.
---------------------------------------------
https://www.trustwave.com/Resources/SpiderLabs-Blog/Getting-in-with-the-Proxmark-3-and-ProxBrute/


*** Google Analytics by Yoast <= 5.4.4 - Authenticated Stored Cross-Site Scripting (XSS) ***
---------------------------------------------
https://wpvulndb.com/vulnerabilities/8147


*** Mass Dark Web Scanning With PunkSPIDER ***
---------------------------------------------
A while back we did some work in scanning Tor hidden services for vulnerabilities (read about it here - btw I love this article for its use of dark web and explaining that the term is highly disputed). Basically, if you dont want to read it, we did a massive scan of the Tor network for web app vulnerabilities as part of our ..
---------------------------------------------
http://alex.hyperiongray.com/posts/289994-scanning-the-dark-web


*** Stagefright Vulnerability Disclosure ***
---------------------------------------------
StageFright which handles multiple media formats, is a system service for Android. This service is implemented by Native C++. The following diagram shows how media applications interact with ..
---------------------------------------------
http://translate.wooyun.io/2015/08/08/Stagefright-Vulnerability-Disclosure.html


*** Darkhotel APT Latest to Use Hacking Team Zero Day ***
---------------------------------------------
The Darkhotel APT gang has extended its geographic reach to victims in a host of additional countries, and has added to its cache of zero days with its use of a HackingTeam exploit for a Flash zero-day vulnerability.
---------------------------------------------
http://threatpost.com/darkhotel-apt-latest-to-use-hacking-team-zero-day/114176